克服“X-Frame-Options 禁止显示"的问题 [英] Overcoming "Display forbidden by X-Frame-Options"
问题描述
我正在编写一个小网页,其目的是将其他几个页面框起来,只是为了将它们合并到一个浏览器窗口中以便于查看.我试图框住的一些页面被框起来并抛出拒绝显示文档,因为 X-Frame-Options 禁止显示".Chrome 中的错误.我知道这是一个安全限制(有充分的理由),并且无权更改它.
I'm writing a tiny webpage whose purpose is to frame a few other pages, simply to consolidate them into a single browser window for ease of viewing. A few of the pages I'm trying to frame forbid being framed and throw a "Refused to display document because display forbidden by X-Frame-Options." error in Chrome. I understand that this is a security limitation (for good reason), and don't have access to change it.
是否有其他框架或非框架方法可以在单个窗口中显示不会被 X-Frame-Options 标题绊倒的页面?
Is there any alternative framing or non-framing method to display pages within a single window that won't get tripped up by the X-Frame-Options header?
推荐答案
我遇到了类似的问题,我试图在 iframe 中显示来自我们自己网站的内容(作为带有 Colorbox),并且我们在源服务器上有一个服务器范围的X-Frame-Options SAMEORIGIN"标头阻止它加载我们的测试服务器.
I had a similar issue, where I was trying to display content from our own site in an iframe (as a lightbox-style dialog with Colorbox), and where we had an server-wide "X-Frame-Options SAMEORIGIN" header on the source server preventing it from loading on our test server.
这似乎没有记录在任何地方,但是如果您可以编辑您尝试 iframe 的页面(例如,它们是您自己的页面),只需发送另一个带有任何字符串的 X-Frame-Options 标头完全禁用 SAMEORIGIN 或 DENY 命令.
This doesn't seem to be documented anywhere, but if you can edit the pages you're trying to iframe (eg., they're your own pages), simply sending another X-Frame-Options header with any string at all disables the SAMEORIGIN or DENY commands.
例如.对于 PHP,把
eg. for PHP, putting
<?php
header('X-Frame-Options: GOFORIT');
?>
在您的页面顶部将使浏览器将两者结合起来,从而产生
at the top of your page will make browsers combine the two, which results in a header of
X-Frame-Options SAMEORIGIN, GOFORIT
...并允许您在 iframe 中加载页面.当在服务器级别设置初始 SAMEORIGIN 命令时,这似乎有效,并且您希望在逐页情况下覆盖它.
...and allows you to load the page in an iframe. This seems to work when the initial SAMEORIGIN command was set at a server level, and you'd like to override it on a page-by-page case.
一切顺利!
这篇关于克服“X-Frame-Options 禁止显示"的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!